Cryptographic Module Validation Program


Cryptographic Module Validation Program (CMVP) is a NIST program that validates cryptographic modules to Federal Information Processing Standards (FIPS 140), Security Requirements for Cryptographic Modules, and other FIPS cryptography based standards.

FIPS 140-2, Security Requirements for Cryptographic Modules, was released on May 25, 2001 and supersedes FIPS 140-1. The CMVP is a joint effort between NIST and Canada's Communications Security Establishment (CSE).

Modules validated as conforming to FIPS 140-2 are accepted by the Federal Agencies of both countries for the protection of Sensitive Data.

Vendors of cryptographic modules use independent, accredited Cryptographic and Security Testing (CST) laboratories to test their modules. The CST laboratories use the Derived Test Requirements (DTR), Implementation Guidance (IG) and applicable CMVP programmatic guidance to test cryptographic modules against the applicable standards. NIST's Computer Security Division (CSD) and CSE jointly serve as the Validation Authorities for the program, validating the test results and issuing certificates.

More Information#

There might be more information for this subject on one of the following: